This bug was fixed in the package tomcat6 - 6.0.18-0ubuntu1

---------------
tomcat6 (6.0.18-0ubuntu1) intrepid; urgency=low

  * New upstream version (LP: #260016)
    - Fixes CVE-2008-2938: Directory traversal vulnerability (LP: #256802)
    - Fixes CVE-2008-2370: Information disclosure vulnerability (LP: #256922)
    - Fixes CVE-2008-1232: XSS through sendError vulnerability (LP: #256926)
  * Dropped CVE-2008-1947.patch (fix is shipped in this upstream release)
  * control: Improve short descriptions for the binary packages
  * copyright: Added link to /usr/share/common-licenses/Apache-2.0
  * control: To pull the right JRE, libtomcat6-java now depends on
    default-jre-headless | java6-runtime-headless

 -- Thierry Carrez <[EMAIL PROTECTED]>   Fri, 22 Aug 2008 09:15:11 +0200

** Changed in: tomcat6 (Ubuntu)
       Status: In Progress => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1947

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-2370

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-2938

-- 
Cross-site scripting through sendError (CVE-2008-1232)
https://bugs.launchpad.net/bugs/256926